@rocketleap/cdk-organizations
Version:
Manage AWS organizations, organizational units (OU), accounts and service control policies (SCP).
73 lines • 10.7 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.AccountProvider = void 0;
const aws_cdk_lib_1 = require("aws-cdk-lib");
const aws_iam_1 = require("aws-cdk-lib/aws-iam");
const aws_stepfunctions_1 = require("aws-cdk-lib/aws-stepfunctions");
const custom_resources_1 = require("aws-cdk-lib/custom-resources");
const is_complete_handler_function_1 = require("./is-complete-handler-function");
const on_event_handler_function_1 = require("./on-event-handler-function");
/**
* Creates a custom resource provider to asynchronously create Accounts in AWS organization. <strong>Account deletion is currently not supported!</strong>
*
* @see https://docs.aws.amazon.com/cdk/api/v1/docs/custom-resources-readme.html#provider-framework
*/
class AccountProvider extends aws_cdk_lib_1.NestedStack {
/**
* Retrieve AccountProvider as stack singleton resource.
*
* @see https://github.com/aws/aws-cdk/issues/5023
*/
static getOrCreate(scope) {
const stack = aws_cdk_lib_1.Stack.of(scope);
const id = "cdk-organizations.AccountProvider";
const existing = stack.node.tryFindChild(id);
return existing || new AccountProvider(stack, id, {});
}
constructor(scope, id, props) {
super(scope, id, props);
const organizationsRegion = process.env.CDK_AWS_PARTITION === "aws-cn" ? "cn-northwest-1" : "us-east-1";
this.onEventHandler = new on_event_handler_function_1.OnEventHandlerFunction(this, "OnEventHandlerFunction", {
environment: {
ORGANIZATIONS_ENDPOINT_REGION: organizationsRegion,
},
timeout: aws_cdk_lib_1.Duration.minutes(10),
initialPolicy: [
new aws_iam_1.PolicyStatement({
actions: ["organizations:CreateAccount", "organizations:ListAccounts"],
resources: ["*"],
}),
],
});
this.isCompleteHandler = new is_complete_handler_function_1.IsCompleteHandlerFunction(this, "IsCompleteHandlerFunction", {
environment: {
ORGANIZATIONS_ENDPOINT_REGION: organizationsRegion,
},
timeout: aws_cdk_lib_1.Duration.minutes(1),
initialPolicy: [
new aws_iam_1.PolicyStatement({
actions: [
"organizations:DescribeCreateAccountStatus",
"organizations:ListAccounts",
"organizations:DescribeAccount",
"organizations:ListParents",
"organizations:ListRoots",
"organizations:MoveAccount",
],
resources: ["*"],
}),
],
});
this.provider = new custom_resources_1.Provider(this, "Provider", {
onEventHandler: this.onEventHandler,
isCompleteHandler: this.isCompleteHandler,
queryInterval: aws_cdk_lib_1.Duration.seconds(5),
waiterStateMachineLogOptions: {
level: aws_stepfunctions_1.LogLevel.ALL,
includeExecutionData: false,
},
});
}
}
exports.AccountProvider = AccountProvider;
//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiYWNjb3VudC1wcm92aWRlci5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uLy4uL3NyYy9hY2NvdW50LXByb3ZpZGVyL2FjY291bnQtcHJvdmlkZXIudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsNkNBQTZFO0FBQzdFLGlEQUFzRDtBQUV0RCxxRUFBeUQ7QUFDekQsbUVBQXdEO0FBRXhELGlGQUEyRTtBQUMzRSwyRUFBcUU7QUFHckU7Ozs7R0FJRztBQUNILE1BQWEsZUFBZ0IsU0FBUSx5QkFBVztJQUM5Qzs7OztPQUlHO0lBQ0ksTUFBTSxDQUFDLFdBQVcsQ0FBQyxLQUFnQjtRQUN4QyxNQUFNLEtBQUssR0FBRyxtQkFBSyxDQUFDLEVBQUUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUM5QixNQUFNLEVBQUUsR0FBRyxtQ0FBbUMsQ0FBQztRQUMvQyxNQUFNLFFBQVEsR0FBRyxLQUFLLENBQUMsSUFBSSxDQUFDLFlBQVksQ0FBQyxFQUFFLENBQUMsQ0FBQztRQUM3QyxPQUFRLFFBQTRCLElBQUksSUFBSSxlQUFlLENBQUMsS0FBSyxFQUFFLEVBQUUsRUFBRSxFQUFFLENBQUMsQ0FBQztJQUM3RSxDQUFDO0lBb0JELFlBQVksS0FBZ0IsRUFBRSxFQUFVLEVBQUUsS0FBMkI7UUFDbkUsS0FBSyxDQUFDLEtBQUssRUFBRSxFQUFFLEVBQUUsS0FBSyxDQUFDLENBQUM7UUFFeEIsTUFBTSxtQkFBbUIsR0FBRyxPQUFPLENBQUMsR0FBRyxDQUFDLGlCQUFpQixLQUFLLFFBQVEsQ0FBQyxDQUFDLENBQUMsZ0JBQWdCLENBQUMsQ0FBQyxDQUFDLFdBQVcsQ0FBQztRQUV4RyxJQUFJLENBQUMsY0FBYyxHQUFHLElBQUksa0RBQXNCLENBQUMsSUFBSSxFQUFFLHdCQUF3QixFQUFFO1lBQy9FLFdBQVcsRUFBRTtnQkFDWCw2QkFBNkIsRUFBRSxtQkFBbUI7YUFDbkQ7WUFDRCxPQUFPLEVBQUUsc0JBQVEsQ0FBQyxPQUFPLENBQUMsRUFBRSxDQUFDO1lBQzdCLGFBQWEsRUFBRTtnQkFDYixJQUFJLHlCQUFlLENBQUM7b0JBQ2xCLE9BQU8sRUFBRSxDQUFDLDZCQUE2QixFQUFFLDRCQUE0QixDQUFDO29CQUN0RSxTQUFTLEVBQUUsQ0FBQyxHQUFHLENBQUM7aUJBQ2pCLENBQUM7YUFDSDtTQUNGLENBQUMsQ0FBQztRQUVILElBQUksQ0FBQyxpQkFBaUIsR0FBRyxJQUFJLHdEQUF5QixDQUFDLElBQUksRUFBRSwyQkFBMkIsRUFBRTtZQUN4RixXQUFXLEVBQUU7Z0JBQ1gsNkJBQTZCLEVBQUUsbUJBQW1CO2FBQ25EO1lBQ0QsT0FBTyxFQUFFLHNCQUFRLENBQUMsT0FBTyxDQUFDLENBQUMsQ0FBQztZQUM1QixhQUFhLEVBQUU7Z0JBQ2IsSUFBSSx5QkFBZSxDQUFDO29CQUNsQixPQUFPLEVBQUU7d0JBQ1AsMkNBQTJDO3dCQUMzQyw0QkFBNEI7d0JBQzVCLCtCQUErQjt3QkFDL0IsMkJBQTJCO3dCQUMzQix5QkFBeUI7d0JBQ3pCLDJCQUEyQjtxQkFDNUI7b0JBQ0QsU0FBUyxFQUFFLENBQUMsR0FBRyxDQUFDO2lCQUNqQixDQUFDO2FBQ0g7U0FDRixDQUFDLENBQUM7UUFFSCxJQUFJLENBQUMsUUFBUSxHQUFHLElBQUksMkJBQVEsQ0FBQyxJQUFJLEVBQUUsVUFBVSxFQUFFO1lBQzdDLGNBQWMsRUFBRSxJQUFJLENBQUMsY0FBYztZQUNuQyxpQkFBaUIsRUFBRSxJQUFJLENBQUMsaUJBQWlCO1lBQ3pDLGFBQWEsRUFBRSxzQkFBUSxDQUFDLE9BQU8sQ0FBQyxDQUFDLENBQUM7WUFDbEMsNEJBQTRCLEVBQUU7Z0JBQzVCLEtBQUssRUFBRSw0QkFBUSxDQUFDLEdBQUc7Z0JBQ25CLG9CQUFvQixFQUFFLEtBQUs7YUFDNUI7U0FDRixDQUFDLENBQUM7SUFDTCxDQUFDO0NBQ0Y7QUEvRUQsMENBK0VDIiwic291cmNlc0NvbnRlbnQiOlsiaW1wb3J0IHsgRHVyYXRpb24sIE5lc3RlZFN0YWNrLCBOZXN0ZWRTdGFja1Byb3BzLCBTdGFjayB9IGZyb20gXCJhd3MtY2RrLWxpYlwiO1xuaW1wb3J0IHsgUG9saWN5U3RhdGVtZW50IH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1pYW1cIjtcbmltcG9ydCB7IEZ1bmN0aW9uIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1sYW1iZGFcIjtcbmltcG9ydCB7IExvZ0xldmVsIH0gZnJvbSBcImF3cy1jZGstbGliL2F3cy1zdGVwZnVuY3Rpb25zXCI7XG5pbXBvcnQgeyBQcm92aWRlciB9IGZyb20gXCJhd3MtY2RrLWxpYi9jdXN0b20tcmVzb3VyY2VzXCI7XG5pbXBvcnQgeyBDb25zdHJ1Y3QgfSBmcm9tIFwiY29uc3RydWN0c1wiO1xuaW1wb3J0IHsgSXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvbiB9IGZyb20gXCIuL2lzLWNvbXBsZXRlLWhhbmRsZXItZnVuY3Rpb25cIjtcbmltcG9ydCB7IE9uRXZlbnRIYW5kbGVyRnVuY3Rpb24gfSBmcm9tIFwiLi9vbi1ldmVudC1oYW5kbGVyLWZ1bmN0aW9uXCI7XG5leHBvcnQgaW50ZXJmYWNlIEFjY291bnRQcm92aWRlclByb3BzIGV4dGVuZHMgTmVzdGVkU3RhY2tQcm9wcyB7fVxuXG4vKipcbiAqIENyZWF0ZXMgYSBjdXN0b20gcmVzb3VyY2UgcHJvdmlkZXIgdG8gYXN5bmNocm9ub3VzbHkgY3JlYXRlIEFjY291bnRzIGluIEFXUyBvcmdhbml6YXRpb24uIDxzdHJvbmc+QWNjb3VudCBkZWxldGlvbiBpcyBjdXJyZW50bHkgbm90IHN1cHBvcnRlZCE8L3N0cm9uZz5cbiAqXG4gKiBAc2VlIGh0dHBzOi8vZG9jcy5hd3MuYW1hem9uLmNvbS9jZGsvYXBpL3YxL2RvY3MvY3VzdG9tLXJlc291cmNlcy1yZWFkbWUuaHRtbCNwcm92aWRlci1mcmFtZXdvcmtcbiAqL1xuZXhwb3J0IGNsYXNzIEFjY291bnRQcm92aWRlciBleHRlbmRzIE5lc3RlZFN0YWNrIHtcbiAgLyoqXG4gICAqIFJldHJpZXZlIEFjY291bnRQcm92aWRlciBhcyBzdGFjayBzaW5nbGV0b24gcmVzb3VyY2UuXG4gICAqXG4gICAqIEBzZWUgaHR0cHM6Ly9naXRodWIuY29tL2F3cy9hd3MtY2RrL2lzc3Vlcy81MDIzXG4gICAqL1xuICBwdWJsaWMgc3RhdGljIGdldE9yQ3JlYXRlKHNjb3BlOiBDb25zdHJ1Y3QpOiBBY2NvdW50UHJvdmlkZXIge1xuICAgIGNvbnN0IHN0YWNrID0gU3RhY2sub2Yoc2NvcGUpO1xuICAgIGNvbnN0IGlkID0gXCJjZGstb3JnYW5pemF0aW9ucy5BY2NvdW50UHJvdmlkZXJcIjtcbiAgICBjb25zdCBleGlzdGluZyA9IHN0YWNrLm5vZGUudHJ5RmluZENoaWxkKGlkKTtcbiAgICByZXR1cm4gKGV4aXN0aW5nIGFzIEFjY291bnRQcm92aWRlcikgfHwgbmV3IEFjY291bnRQcm92aWRlcihzdGFjaywgaWQsIHt9KTtcbiAgfVxuICAvKipcbiAgICogQ3JlYXRlcyBhbiBBY2NvdW50IGFuZCByZXR1cm5zIHRoZSBDcmVhdGVBY2NvdW50U3RhdHVzIElEIG9uIENyZWF0ZS4gUGFzc2VzIHRoZSBQaHlzaWNhbFJlc291cmNlSWQgb24gVXBkYXRlIHRocm91Z2guIEZhaWxzIG9uIERlbGV0ZS5cbiAgICpcbiAgICogQHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy9sYXRlc3QvQVdTL09yZ2FuaXphdGlvbnMuaHRtbCNjcmVhdGVBY2NvdW50LXByb3BlcnR5XG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgb25FdmVudEhhbmRsZXI6IEZ1bmN0aW9uO1xuICAvKipcbiAgICogRGVzY3JpYmVzIHRoZSBDcmVhdGVBY2NvdW50U3RhdHVzIGFuZCByZXR1cm5zIHRoZSBjb21wbGV0aW9ucyBzdGF0dXMuIEZhaWxzIG9uIERlbGV0ZS5cbiAgICpcbiAgICogQHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vQVdTSmF2YVNjcmlwdFNESy9sYXRlc3QvQVdTL09yZ2FuaXphdGlvbnMuaHRtbCNkZXNjcmliZUNyZWF0ZUFjY291bnRTdGF0dXMtcHJvcGVydHlcbiAgICovXG4gIHB1YmxpYyByZWFkb25seSBpc0NvbXBsZXRlSGFuZGxlcjogRnVuY3Rpb247XG4gIC8qKlxuICAgKiBUaGUgYXN5bmNocm9udW9zIHByb3ZpZGVyIHRvIGNyZWF0ZSBvciB1cGRhdGUgYW4gQWNjb3VudC5cbiAgICpcbiAgICogQHNlZSBodHRwczovL2RvY3MuYXdzLmFtYXpvbi5jb20vY2RrL2FwaS92MS9kb2NzL2N1c3RvbS1yZXNvdXJjZXMtcmVhZG1lLmh0bWwjYXN5bmNocm9ub3VzLXByb3ZpZGVycy1pc2NvbXBsZXRlXG4gICAqL1xuICBwdWJsaWMgcmVhZG9ubHkgcHJvdmlkZXI6IFByb3ZpZGVyO1xuXG4gIGNvbnN0cnVjdG9yKHNjb3BlOiBDb25zdHJ1Y3QsIGlkOiBzdHJpbmcsIHByb3BzOiBBY2NvdW50UHJvdmlkZXJQcm9wcykge1xuICAgIHN1cGVyKHNjb3BlLCBpZCwgcHJvcHMpO1xuXG4gICAgY29uc3Qgb3JnYW5pemF0aW9uc1JlZ2lvbiA9IHByb2Nlc3MuZW52LkNES19BV1NfUEFSVElUSU9OID09PSBcImF3cy1jblwiID8gXCJjbi1ub3J0aHdlc3QtMVwiIDogXCJ1cy1lYXN0LTFcIjtcblxuICAgIHRoaXMub25FdmVudEhhbmRsZXIgPSBuZXcgT25FdmVudEhhbmRsZXJGdW5jdGlvbih0aGlzLCBcIk9uRXZlbnRIYW5kbGVyRnVuY3Rpb25cIiwge1xuICAgICAgZW52aXJvbm1lbnQ6IHtcbiAgICAgICAgT1JHQU5JWkFUSU9OU19FTkRQT0lOVF9SRUdJT046IG9yZ2FuaXphdGlvbnNSZWdpb24sXG4gICAgICB9LFxuICAgICAgdGltZW91dDogRHVyYXRpb24ubWludXRlcygxMCksXG4gICAgICBpbml0aWFsUG9saWN5OiBbXG4gICAgICAgIG5ldyBQb2xpY3lTdGF0ZW1lbnQoe1xuICAgICAgICAgIGFjdGlvbnM6IFtcIm9yZ2FuaXphdGlvbnM6Q3JlYXRlQWNjb3VudFwiLCBcIm9yZ2FuaXphdGlvbnM6TGlzdEFjY291bnRzXCJdLFxuICAgICAgICAgIHJlc291cmNlczogW1wiKlwiXSxcbiAgICAgICAgfSksXG4gICAgICBdLFxuICAgIH0pO1xuXG4gICAgdGhpcy5pc0NvbXBsZXRlSGFuZGxlciA9IG5ldyBJc0NvbXBsZXRlSGFuZGxlckZ1bmN0aW9uKHRoaXMsIFwiSXNDb21wbGV0ZUhhbmRsZXJGdW5jdGlvblwiLCB7XG4gICAgICBlbnZpcm9ubWVudDoge1xuICAgICAgICBPUkdBTklaQVRJT05TX0VORFBPSU5UX1JFR0lPTjogb3JnYW5pemF0aW9uc1JlZ2lvbixcbiAgICAgIH0sXG4gICAgICB0aW1lb3V0OiBEdXJhdGlvbi5taW51dGVzKDEpLFxuICAgICAgaW5pdGlhbFBvbGljeTogW1xuICAgICAgICBuZXcgUG9saWN5U3RhdGVtZW50KHtcbiAgICAgICAgICBhY3Rpb25zOiBbXG4gICAgICAgICAgICBcIm9yZ2FuaXphdGlvbnM6RGVzY3JpYmVDcmVhdGVBY2NvdW50U3RhdHVzXCIsXG4gICAgICAgICAgICBcIm9yZ2FuaXphdGlvbnM6TGlzdEFjY291bnRzXCIsXG4gICAgICAgICAgICBcIm9yZ2FuaXphdGlvbnM6RGVzY3JpYmVBY2NvdW50XCIsXG4gICAgICAgICAgICBcIm9yZ2FuaXphdGlvbnM6TGlzdFBhcmVudHNcIixcbiAgICAgICAgICAgIFwib3JnYW5pemF0aW9uczpMaXN0Um9vdHNcIixcbiAgICAgICAgICAgIFwib3JnYW5pemF0aW9uczpNb3ZlQWNjb3VudFwiLFxuICAgICAgICAgIF0sXG4gICAgICAgICAgcmVzb3VyY2VzOiBbXCIqXCJdLFxuICAgICAgICB9KSxcbiAgICAgIF0sXG4gICAgfSk7XG5cbiAgICB0aGlzLnByb3ZpZGVyID0gbmV3IFByb3ZpZGVyKHRoaXMsIFwiUHJvdmlkZXJcIiwge1xuICAgICAgb25FdmVudEhhbmRsZXI6IHRoaXMub25FdmVudEhhbmRsZXIsXG4gICAgICBpc0NvbXBsZXRlSGFuZGxlcjogdGhpcy5pc0NvbXBsZXRlSGFuZGxlcixcbiAgICAgIHF1ZXJ5SW50ZXJ2YWw6IER1cmF0aW9uLnNlY29uZHMoNSksXG4gICAgICB3YWl0ZXJTdGF0ZU1hY2hpbmVMb2dPcHRpb25zOiB7XG4gICAgICAgIGxldmVsOiBMb2dMZXZlbC5BTEwsXG4gICAgICAgIGluY2x1ZGVFeGVjdXRpb25EYXRhOiBmYWxzZSxcbiAgICAgIH0sXG4gICAgfSk7XG4gIH1cbn1cbiJdfQ==